Hi guys

I have an ASP.Net MVC app using Integrated Security that I need to be able to grant open access to a specific route.

The route in question is '~/Agreements/Upload' and the config I have set up looks like this:

<configuration>
    ...
    <location path="~/Agreements/Upload">
        <system.web>
            <authorization>
                <allow users="*"/>
            </authorization>
        </system.web>
    </location>
    ...
</configuration>

I have tried a few things and nothing has worked thus far.

In IIS under Directory Security > Authentication Methods I only have "Integrated Windows Authentication" selected. Now this could be part of my problem (as even though IIS allows the above IIS doesn't). But if that's the case, how do I configure it so that Integrated Security works but allows people who aren't authenticated to access the given route?

Cheers Anthony

A: 

You need to allow anonymous access in IIS as well, as otherwise only Windows-authenticated users will be able to access anywhere in your site.

You should be able to get your desired behaviour by adding

<deny users="?"/>
<allow users="*"/>

to the main web.config to deny access by default to anonymous users.

In your <location> section, then change this to be

<allow users="?"/>

so that anonymous users can get to that part.

David Gardiner
When I allow anonymous access in IIS I seem to lose the ability to pull out the user name of the people using Windows integrated security...
vdh_ant
Ah.. the tricky bit is according to http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx (ASP.NET Authorization) - "Rules contained in application-level configuration files take precedence over inherited rules"
David Gardiner
+1  A: 

I don't think you can use virtual paths (starting with "~/") in the path attribute. You have to specify paths relative to the location of the Web.config file you are working in.

You can also place a separate Web.config file in the Upload folder with the following content:

<configuration>
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</configuration>
Koen
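
Added example (not from either answer, and not ASP.NET's own code): a small Python model of how the `<authorization>` rules discussed above resolve, so the effective access for anonymous and authenticated requests can be checked before deploying. The embedded web.config is constructed from the two answers combined; the helper names are hypothetical, roles and verbs are ignored, and `<location>` paths are matched literally (an assumption following the second answer, so a "~/" prefix is not expanded).

```python
import xml.etree.ElementTree as ET

# Constructed web.config combining both answers: relative location path,
# anonymous denied by default, anonymous allowed on the upload route.
WEB_CONFIG = """
<configuration>
  <system.web>
    <authorization>
      <deny users="?"/>
      <allow users="*"/>
    </authorization>
  </system.web>
  <location path="Agreements/Upload">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>
"""

def rules(node):
    """(action, users) pairs from node's system.web/authorization, in file order."""
    auth = node.find("system.web/authorization")
    return [] if auth is None else [
        (r.tag, [u.strip() for u in r.get("users", "").split(",")]) for r in auth]

def is_allowed(config_xml, request_path, user=None):
    """First matching rule decides; user=None models an anonymous request."""
    root = ET.fromstring(config_xml)
    request = request_path.strip("/").lower()
    merged = []
    # Most specific <location> first: its rules take precedence over inherited ones.
    for loc in sorted(root.findall("location"), key=lambda l: -len(l.get("path", ""))):
        path = loc.get("path", "").strip("/").lower()
        if request == path or request.startswith(path + "/"):
            merged += rules(loc)
    merged += rules(root)
    merged.append(("allow", ["*"]))  # default rule inherited from machine-level config
    for action, users in merged:
        # "*" matches everyone, "?" matches anonymous only, otherwise match by name.
        if "*" in users or ("?" in users and user is None) or user in users:
            return action == "allow"
    return False
```

This only models the ASP.NET authorization layer; as the first answer notes, IIS must also permit anonymous access for an unauthenticated request to reach these rules at all.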